* GOST R 34.10-2001 (RFC 5832) public key signature function
* GOST R 34.10-2012 (RFC 7091) public key signature function
* various 34.10 curve parameters included
+* VKO 34.10-2001 Diffie-Hellman function (RFC 4357)
* GOST R 34.12-2015 128-bit block cipher Кузнечик (Kuznechik) (RFC 7801)
* GOST R 34.13-2015 padding methods
-* VKO 34.10-2001 Diffie-Hellman function (RFC 4357)
* 28147-89 and CryptoPro key wrapping (RFC 4357)
* 28147-89 CryptoPro key meshing for CFB mode (RFC 4357)
import (
"bytes"
"crypto/rand"
+ "encoding/hex"
"testing"
"testing/quick"
)
pub.VerifyDigest(digest, sign)
}
}
+
+func TestVKO(t *testing.T) {
+ c, _ := NewCurveFromParams(CurveParamsGostR34102001Test)
+ ukm, _ := hex.DecodeString("33a252f825be7251")
+ prvRaw1, _ := hex.DecodeString("1df129e43dab345b68f6a852f4162dc69f36b2f84717d08755cc5c44150bf928")
+ prvRaw2, _ := hex.DecodeString("5b9356c6474f913f1e83885ea0edd5df1a43fd9d799d219093241157ac9ed473")
+ kek, _ := hex.DecodeString("ee4618a0dbb10cb31777b4b86a53d9e7ef6cb3e400101410f0c0f2af46c494a6")
+ prv1, _ := NewPrivateKey(c, DigestSize2001, prvRaw1)
+ prv2, _ := NewPrivateKey(c, DigestSize2001, prvRaw2)
+ pub1, _ := prv1.PublicKey()
+ pub2, _ := prv2.PublicKey()
+ kek1, _ := prv1.KEK(pub2, ukm)
+ kek2, _ := prv2.KEK(pub1, ukm)
+ if bytes.Compare(kek1, kek2) != 0 {
+ t.FailNow()
+ }
+ if bytes.Compare(kek1, kek) != 0 {
+ t.FailNow()
+ }
+}
+
+func TestRandomVKO(t *testing.T) {
+ c, _ := NewCurveFromParams(CurveParamsGostR34102001Test)
+ f := func(prvRaw1 [32]byte, prvRaw2 [32]byte, ukm [8]byte) bool {
+ prv1, err := NewPrivateKey(c, DigestSize2001, prvRaw1[:])
+ if err != nil {
+ return false
+ }
+ prv2, err := NewPrivateKey(c, DigestSize2001, prvRaw2[:])
+ if err != nil {
+ return false
+ }
+ pub1, _ := prv1.PublicKey()
+ pub2, _ := prv2.PublicKey()
+ kek1, _ := prv1.KEK(pub2, ukm[:])
+ kek2, _ := prv2.KEK(pub1, ukm[:])
+ return bytes.Compare(kek1, kek2) == 0
+ }
+ if err := quick.Check(f, nil); err != nil {
+ t.Error(err)
+ }
+}
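Review bot: The property function in TestRandomVKO discards the errors from both `KEK` calls (and from `PublicKey`), so if `KEK` failed on both sides `kek1` and `kek2` would both be nil and `bytes.Compare(kek1, kek2) == 0` would report success. Check them instead, e.g. `kek1, err := prv1.KEK(pub2, ukm[:])` followed by `if err != nil { return false }`, and likewise for `kek2`. TestVKO has the same pattern: every setup error (`NewCurveFromParams`, `hex.DecodeString`, `NewPrivateKey`, `PublicKey`, `KEK`) is assigned to `_`, and the bare `t.FailNow()` calls do not say which comparison failed; `t.Fatalf` with the expected and actual KEK in hex would make a known-answer mismatch diagnosable. `bytes.Equal` also reads more directly than `bytes.Compare(...) != 0` for both checks.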
"errors"
"io"
"math/big"
+
+ "cypherpunks.ru/gogost/gost28147"
+ "cypherpunks.ru/gogost/gost341194"
)
type PrivateKey struct {
}
return append(pad(s.Bytes(), pk.ds), pad(r.Bytes(), pk.ds)...), nil
}
+
+// Make Diffie-Hellman computation. Key Encryption Key calculation.
+// UKM is user keying material, also called VKO-factor, 8-bytes long.
+// It is based on RFC 4357 VKO GOST 34.10-2001 with little-endian hash
+// output.
+func (pk *PrivateKey) KEK(pub *PublicKey, ukm []byte) ([]byte, error) {
+ if len(ukm) != 8 {
+ return nil, errors.New("UKM must be 8 bytes long")
+ }
+ keyX, keyY, err := pk.c.Exp(pk.key, pub.x, pub.y)
+ if err != nil {
+ return nil, err
+ }
+ t := make([]byte, DigestSize2001)
+ copy(t[int(DigestSize2001)-len(ukm):], ukm)
+ keyX, keyY, err = pk.c.Exp(bytes2big(t), keyX, keyY)
+ if err != nil {
+ return nil, err
+ }
+ h := gost341194.New(&gost28147.GostR3411_94_CryptoProParamSet)
+ copy(t, pad(keyX.Bytes(), int(DigestSize2001)))
+ reverse(t)
+ h.Write(t)
+ copy(t, pad(keyY.Bytes(), int(DigestSize2001)))
+ reverse(t)
+ h.Write(t)
+ t = h.Sum(t[:0])
+ reverse(t)
+ return t, nil
+}
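Review bot: KEK passes `pub.x` and `pub.y` straight into `pk.c.Exp` with no visible check that `pub` is non-nil, was created for the same curve as `pk.c`, or is a point on that curve. Unless `Exp` or the PublicKey constructor already enforces this (neither is shown in this hunk), a peer-supplied key that fails those conditions would still be multiplied by the private scalar, so key-agreement code should reject it before use. I would add a guard at the top such as `if pub == nil { return nil, errors.New("nil public key") }`, together with a curve-match and on-curve check using whatever the package already provides. An all-zero `ukm` also passes the length check and makes the second scalar `bytes2big(t)` zero; whether `Exp` rejects that is not visible here, so an explicit test or rejection would help. The doc comment should start with the method name, e.g. `// KEK computes the VKO GOST R 34.10-2001 key encryption key ...`.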
CBC (@url{https://tools.ietf.org/html/rfc4357.html, RFC 4357})
modes of operation
@item various 28147-89-related S-boxes included
+@item VKO 34.10-2001 Diffie-Hellman function
+ (@url{https://tools.ietf.org/html/rfc4357.html, RFC 4357})
@item GOST R 34.11-94 hash function
(@url{https://tools.ietf.org/html/rfc5831.html, RFC 5831})
@item GOST R 34.11-2012 Стрибог (Streebog) hash function